WASHINGTON – Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Maine, say FEMA’s disaster response mission is undermined by the agency’s poor information technology (IT) management.
In a letter to Homeland Security Secretary Janet Napolitano, the Senators cited a recent Department of Homeland Security (DHS) Inspector General report that found FEMA has no clear vision for modernizing its IT systems, and its management is so decentralized as to be ineffective. As a result, taxpayer money is squandered, some database information is incorrect, states must file paper requests for disaster assistance, and FEMA officials must track and reconcile some disaster funds and assets by hand. The letter follows:
July 18, 2011
The Honorable Janet Napolitano
Secretary
Department of Homeland Security
Washington, DC 20528-0150
Dear Secretary Napolitano:
In October 2006, a year after the failed response to Hurricane Katrina, Congress passed the Post-Katrina Emergency Management Reform Act (the Post-Katrina Act) (P.L. 109-295), which created a new Federal Emergency Management Agency (FEMA) by giving it responsibilities, missions, capabilities, and resources that far exceeded those of FEMA at the time Hurricane Katrina made landfall. Congress recognized that as FEMA’s responsibilities grew, the agency would need to enhance its mission support divisions as well. To that end, section 640 of the Post-Katrina Act required FEMA to take several measures to improve and update its information technology (IT) systems in coordination with the Department of Homeland Security’s (DHS) Chief Information Officer. A recent report by the DHS Office of Inspector General (OIG) entitled The Federal Emergency Management Agency Faces Challenges in Modernizing Information Technology (OIG-11-69), finds that while FEMA has made some progress in improving its IT systems, the agency’s IT systems do not support disaster response activities effectively. IT problems have long plagued FEMA – indeed the OIG has reported problems with FEMA’s IT systems going back at least as far as 2004.
The recent OIG report criticized FEMA’s failure to have a clear vision for modernization of its IT systems and lack of a comprehensive strategic plan to coordinate, guide, and prioritize IT projects and modernization. It also criticized FEMA’s failure to establish a complete inventory of existing IT systems – while the Office of the Chief Information Officer (OCIO) has established an official systems inventory of approximately 90 operational IT systems, there are believed to be several hundred other IT systems at FEMA that are not captured in this inventory. It is critical that FEMA evaluate and account for all of its IT systems so that it may prioritize where improvements are most needed.
The OIG report indicates that many of FEMA’s problems stem from the decentralized nature by which its IT is funded and managed at the agency. In FY 2010, FEMA spent $391 million on IT, however the OCIO, the office responsible for overseeing IT projects, accounted for only 29% or $113 million of that spending. The remaining funding was spent and controlled by the program offices or regional offices independent of the OCIO. According to the report, because the program offices receive direct funding for IT, the program offices have historically developed IT systems without input or guidance from the OCIO, which has led to independent, non-integrated, and potentially duplicative systems. The report notes one particularly egregious example where a program office, acting independently and without consulting the OCIO, spent approximately $7.5 million to develop an IT system that was ultimately unable to meet FEMA’s security and technical requirements. This problem persists despite the fact that the OCIO issued agency-wide guidance in 2008 which required OCIO review and approval for IT purchases over $10,000. Inexplicably, the OIG found that FEMA programs are reluctant to comply with this process. The decentralized manner in which FEMA manages its IT systems also appears to run contrary to DHS Management Directive 0007.1 under which agency Chief Information Officers were given responsibility for, among other things, managing agency IT resources and developing and reviewing the agency’s budget.
Because of these many problems, the report concludes that FEMA’s IT systems do not effectively support FEMA’s operations and cites several troubling examples. First, FEMA’s property management and supply chain systems, which inventory and track commodities, are not integrated, leading to inaccurate information in the databases and requiring duplicative work by staff. Second, FEMA’s financial and acquisition systems, which together account for 80% of disaster funds, are not integrated, forcing staff to manually track and reconcile funds. Finally, FEMA’s IT systems are not able to effectively integrate with its stakeholders’ systems which can hinder effective disaster response. For example, states are still required to request assistance during disaster response on paper forms – something that caused serious complications in the failed response to Hurricane Katrina.
Given the importance of FEMA’s mission and the integral role that IT systems play in helping to fulfill that mission, it is essential that FEMA properly manage its IT investments. To accomplish this, we call on you to ensure that the FEMA OCIO has the resources and support from DHS and FEMA senior level management necessary to manage and guide FEMA’s IT investments. We also ask that you work to ensure that FEMA’s OCIO coordinate with and leverage the resources of the DHS Management Directorate, including the DHS Chief Information Officer (CIO) in working to improve its IT systems. We request that FEMA and the DHS Management Directorate brief our staff on their response to this report within 15 days and thereafter provide quarterly briefings on progress in improving FEMA’s IT systems. In addition, we ask that you provide answers to the following questions within 30 days of receipt of this letter:
1.How do you plan to improve FEMA’s management of its IT systems?
2. Which IT systems have FEMA prioritized for investment and improvement in the next year?
3. What steps is FEMA taking to develop a comprehensive IT strategic plan with clearly defined goals and guidance for program office initiatives? What is the timeframe for completion of such strategic plan?
4. How does FEMA ensure compliance by both program and regional offices, with agency-wide guidance, which requires OCIO review and approval for IT purchases over $10,000? In light of this report, what changes will FEMA make to further ensure compliance with this guidance?
5. What immediate steps is FEMA taking in response to the recommendations made by the most recent OIG report (OIG-11-69)? What is the timeframe for completion of the recommendations? Please be specific and separately respond to each of the six recommendations.
6. How does FEMA coordinate with the DHS CIO as required by section 640 of the Post-Katrina Act? To date what role has DHS’s Management Directorate played in FEMA’s IT systems and what role will it play in improving FEMA’s IT systems and correcting problems identified in the report? 7. Do you have sufficient resources to address the problems raised and recommendations made in this report?
8. What is FEMA’s timeframe for completing an inventory of all of the agency’s IT systems?
9. We have recently learned that DHS will abort plans to construct a combined financial, acquisition and asset management system, known as TASC. Prior to cancellation of this project, the OIG reported that FEMA slowed down or halted a number of IT modernization initiatives because TASC would have replaced those outdated systems. With TASC’s cancellation, what are FEMA’s plans to modernize outdated financial, acquisition and asset management systems?
We look forward to your responses and to working with you to address these critical concerns. If you have any questions, please have your staff contact Elyse Greenwald at (202) 224-XXXX or Eric Heighberger at (202) 224-XXXX.
Sincerely,
Joseph I. Lieberman Susan M. Collins
Chairman Ranking Member
cc: FEMA Administrator Fugate
-30-